and subtyping for logic programs. The property of subject reduction expresses the consistency
of the type system w.r.t. the execution model: if a program is "well-typed", then all
derivations starting in a "well-typed" goal are again "well-typed". It is well-established that
without subtyping, this property is readily obtained for logic programs w.r.t. their standard
(untyped) execution model. Here we give syntactic conditions that ensure subject reduction
also in the presence of general subtyping relations between type constructors. The idea is
to consider logic programs with a fixed dataflow, given by modes.
Using modes to ensure the "subject reduction" property for typed logic programs
with subtyping

Abstract (French version): We consider a prescriptive type system with parametric
polymorphism and subtyping for logic programs. The "subject reduction" property expresses
the consistency of the type system with respect to the execution model: if a program is
"well-typed", then all derivations starting from a "well-typed" goal are again "well-typed".
It is well established that without subtyping, this property holds for logic programs
equipped with their standard (untyped) execution model. In this article we give syntactic
conditions that guarantee this property also in the presence of subtyping relations between
type constructors. The idea is to consider logic programs with a fixed dataflow, determined
by modes.

Keywords: typed logic programs, modes, type systems, subtyping, "subject reduction"
1 Introduction

Prescriptive types are used in logic and functional programming to restrict the underlying
syntax so that only "meaningful" expressions are allowed. This allows many programming
errors to be detected by the compiler. Gödel [9] and Mercury [19] are two implemented typed
logic programming languages.

A natural stability property one desires for a type system is that it is consistent with
the execution model: once a program has passed the compiler, it is guaranteed that "well-
typed" configurations will only generate "well-typed" configurations at runtime. Adopting
the terminology from the theory of the λ-calculus [21], this property of a typed program
is called subject reduction. For the simply typed λ-calculus, subject reduction states that
the type of a λ-term is invariant under reduction. This translates in a well-defined sense to
functional and logic programming.

Semantically, a type represents a set of terms/expressions [10, 11]. Now subtyping makes
type systems more expressive and flexible in that it allows one to express inclusions among
these sets. For example, if we have types int and real defined in the usual way, we would
probably want to declare int ≤ real, i.e., the set of integers is a subset of the set of reals.
More generally, subtype relations like for example list(u) ≤ term, which expresses the
possibility of viewing a list as a term, make it possible to type Prolog meta-programming
predicates [6], as shown in Ex. 4 below and Sec. 6.

In functional programming, a type system that includes subtyping would then state
that wherever an expression of type σ is expected as an argument, any expression having a
type σ' ≤ σ may occur. Put differently, an expression of type σ can be used wherever an
expression of type σ' ≥ σ is expected. The following example explains this informally, using
an ad hoc syntax.

Example 1 Suppose we have two functions sqrt : real → real and fact : int → int which
compute the square root and factorial, respectively. Then sqrt (fact 3) is a legal expression,
since fact 3 is of type int and may therefore be used as an argument to sqrt, because sqrt
expects an argument of type real, and int ≤ real.

Subject reduction in functional programming crucially relies on the fact that there is a 
clear notion of dataflow. It is always the arguments (the "input") of a function that may be 
smaller than expected, and the result (the "output") may be greater than expected. This is 
best illustrated by a counterexample, which is obtained by introducing reference types. 

Example 2 Suppose we have a function

f : real REF → real

let f(x) = x := 3.14; return x

So f takes a reference (pointer) to a real as argument, assigns the value 3.14 to this real,
and also returns 3.14. Even though int ≤ real, this function cannot be applied to an int REF,
since the value 3.14 cannot be assigned to an integer.
In the example, the variable x is used both for input and output, and hence there is no
clear direction of dataflow. While this problem is marginal in functional programming (since 
reference types play no essential role in the paradigm), it is the main problem for subject 
reduction in logic programming with subtypes, as we show in the next example. 

Subject reduction for logic programming means that resolving a "well-typed" goal with 
a "well-typed" clause will always result in a "well-typed" goal. It holds for parametric
polymorphic type systems without subtyping [11, 13].¹

Example 3 In analogy to Ex. 1, suppose Sqrt/2 and Fact/2 are predicates of declared type
(Real, Real) and (Int, Int), respectively. Consider the program

Fact(3, 6).
Sqrt(6, 2.449).

and the derivations

Fact(3, x), Sqrt(x, y) ~> Sqrt(6, y) ~> □
Sqrt(6, x), Fact(x, y) ~> Fact(2.449, y)

In the first derivation, all arguments always have a type that is less than or equal to the 
declared type, and so we have subject reduction. In the second derivation, the argument 
2.449 to Fact has type Real, which is strictly greater than the declared type. The atom 
Fact(2.449, y) is illegal, and so we do not have subject reduction. 

In this paper, we address this problem by giving a fixed direction of dataflow to logic 
programs. This is done by introducing modes [1] and replacing unification with double 
matching [2], so that the dataflow is always from the input to the output positions in an 
atom. We impose a condition on the types of terms in the output positions, or more precisely, 
on the types of the variables occurring in these terms: each variable must have exactly the 
declared (expected) type of the position where it occurs. 

In Ex. 3, let the first argument of each predicate be input and the second be output. In 
both derivations, x has type Int. For the atom Fact(3,x), this is exactly the declared type, 
and so the condition is fulfilled for the first derivation. In contrast, for the atom Sqrt(6,x), 
the declared type is Real, and so the condition is violated. 
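As an added illustration that is not part of the paper, the following Python script encodes the mode condition just described for the predicates of Ex. 3 and replays both derivations by double matching; the tuple encoding of atoms, the function names and the two variable typings U1, U2 are choices of this example.

```python
# Added example, not from the paper: the mode condition of the introduction on the
# predicates of Ex. 3. Atoms are (predicate, args) pairs, variables are strings,
# numbers are Python ints (type Int) or floats (type Real). Function names, the
# tuple encoding and the variable typings U1, U2 are our own choices.

SUBTYPE = {("Int", "Real")}          # the declared subtype relation Int <= Real of Ex. 3
DECLARED = {"Fact": ("Int", "Int"), "Sqrt": ("Real", "Real")}   # declared types of Ex. 3
MODES = {"Fact": ("in", "out"), "Sqrt": ("in", "out")}           # first argument input, second output


def leq(s, t):
    """Subtype order on the constant types used here (reflexive closure of SUBTYPE)."""
    return s == t or (s, t) in SUBTYPE


def type_of(term, typing):
    """Type of a number (by its declared type) or of a variable (by the variable typing)."""
    if isinstance(term, str):
        return typing[term]
    return "Int" if isinstance(term, int) else "Real"   # 3, 6 : Int;  2.449 : Real


def well_typed_atom(atom, typing):
    """Rule (Atom) of Table 2 for constant types: each argument type is <= the declared one."""
    pred, args = atom
    return all(leq(type_of(a, typing), d) for a, d in zip(args, DECLARED[pred]))


def well_typed_query(query, typing):
    return all(well_typed_atom(atom, typing) for atom in query)


def mode_condition_ok(query, typing):
    """The condition from the introduction: a variable in an output position must have
    exactly the declared type of that position (input positions only need <=)."""
    for pred, args in query:
        for arg, dtype, mode in zip(args, DECLARED[pred], MODES[pred]):
            if mode == "out" and isinstance(arg, str) and typing[arg] != dtype:
                return False
    return well_typed_query(query, typing)


def resolve_first(query, fact, typing):
    """One resolution step of the first atom against a ground fact by double matching:
    the input argument must equal the fact's, the output variable is bound to the
    fact's output. Returns the resolvent and whether it is still well-typed."""
    (pred, args), (fpred, fargs) = query[0], fact
    if pred != fpred or args[0] != fargs[0]:
        raise ValueError("input position does not match the fact")
    binding = {args[1]: fargs[1]}
    rest = [(p, tuple(binding.get(a, a) for a in a_s)) for p, a_s in query[1:]]
    return rest, well_typed_query(rest, typing)


# Constructed inputs: the program and queries of Ex. 3, with variable typings chosen
# so that the output variables of Q1 carry their declared types.
FACT_3 = ("Fact", (3, 6))
SQRT_6 = ("Sqrt", (6, 2.449))
Q1 = [("Fact", (3, "x")), ("Sqrt", ("x", "y"))]     # Fact(3,x), Sqrt(x,y)
Q2 = [("Sqrt", (6, "x")), ("Fact", ("x", "y"))]     # Sqrt(6,x), Fact(x,y)
U1 = {"x": "Int", "y": "Real"}
U2 = {"x": "Int", "y": "Int"}

if __name__ == "__main__":
    print("Q1 mode condition:", mode_condition_ok(Q1, U1))   # True
    print("Q2 mode condition:", mode_condition_ok(Q2, U2))   # False: x : Int in Sqrt's Real output
    print("Q1 step:", resolve_first(Q1, FACT_3, U1))          # Sqrt(6,y) stays well-typed
    print("Q2 step:", resolve_first(Q2, SQRT_6, U2))          # Fact(2.449,y) is ill-typed
```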

The contribution of this paper is a statement that programs that are typed according 
to a type system with subtyping, and respect certain conditions concerning the modes, 
enjoy the subject reduction property, i.e., the type system is consistent w.r.t. the (untyped) 
execution model. This means that effectively the types can be ignored at runtime, which 
has traditionally been considered as desirable, although there are also reasons for keeping 
the types during execution [14]. In Sec. 6, we discuss the conditions on programs. 

Most type systems with subtyping for logic programming languages that have been proposed
are descriptive type systems, i.e. their purpose is to describe the set of terms for which a
predicate is true. There are few works considering prescriptive type systems for logic
programs with subtyping [4, 5, 6, 8, 10]. Hill and Topor [10] give a result on subject
reduction only for systems without subtyping, and study general type systems with subtypes.
However their results on the existence of principal typings for logic programs with subtyping
turned out to be wrong, as pointed out by Beierle [4]. He shows the existence of principal
typings with subtype relations between constant types only, and provides type inference
algorithms. Beierle and also Hanus [8] do not claim subject reduction for the systems they
propose. Fages and Paltrinieri [6] have shown a weak form of subject reduction for constraint
logic programs with general subtyping relations, where equality constraints replace term
substitutions in the execution model.

¹ However, it has been pointed out [7, 10] that the first formulation of subject reduction by Mycroft and
O'Keefe [13] was incorrect, namely in ignoring the transparency condition, which we will define in Section 2.

On the other hand, the idea of introducing modes to ensure subject reduction for standard
logic programs was already proposed by Dietrich and Hagl [5]. However, they do not study
the decidability of the conditions they impose on the subtyping relation. Furthermore, since
each result type must be transparent (a condition we will define later), this means effectively
that in general, subtype relations between type constructors of different arities are forbidden.
We illustrate this with an example.

Example 4 Assume types Int, String and List(u) defined as usual, and a type Term that
contains all terms (so all types are subtypes of Term). Moreover, assume Append as usual
with declared type (List(u), List(u), List(u)), and a predicate Functor with declared type
(Term, String), which gives the top functor of a term. In our formalism, we could show
subject reduction for the query Append([1], [], x), Functor(x, y), whereas this is not possible
in [5] because the subtype relation between List(Int) and Term cannot be expressed.

The plan of the paper is as follows. Section 2 mainly introduces the type system. In 
Sec. 3, we show how expressions can be typed assigning different types to the variables, 
and we introduce ordered substitutions, which are substitutions preserving types, and thus 
ensuring subject reduction. In Sec. 4, we show under which conditions substitutions obtained 
by unification are indeed ordered. In Sec. 5, we show how these conditions on unified terms 
can be translated into conditions on programs and derivations. 

2 The Type System 

We will use the type system of [6]. First we recall some basic concepts [1]. When we refer
to a clause in a program, we mean a copy of this clause whose variables are renamed apart
from variables occurring in other objects in the context. A query is a sequence of atoms. A
query Q' is a resolvent of a query Q and a clause H ← B if Q = A_1, ..., A_m,
Q' = (A_1, ..., A_{k−1}, B, A_{k+1}, ..., A_m)θ, and H and A_k are unifiable with MGU θ.
Resolution steps and derivations are defined in the usual way.
2.1 Type expressions

The set of types 𝒯 is given by the term structure based on a finite set of constructors 𝒦,
where with each K ∈ 𝒦, an arity m ≥ 0 is associated (by writing K/m), and a denumerable
set 𝒰 of parameters. A flat type is a type of the form K(u_1, ..., u_m), where K ∈ 𝒦 and
the u_i are distinct parameters. We write τ[σ] to denote that the type τ strictly contains the
type σ as a subexpression. We write τ[u/σ] to denote the type obtained by replacing all the
occurrences of u by σ in τ. The size of a type τ, defined as the number of occurrences of
constructors and parameters in τ, is denoted by size(τ).

A type substitution is an idempotent mapping from parameters to types that is the 
identity almost everywhere. Applications of type substitutions are defined in the obvious 
way. The domain of a type substitution is denoted by dom, the parameters in its range 
by ran. The set of parameters in a syntactic object o is denoted by pars(o). 

We now qualify what kind of subtyping we allow. Intuitively, when a type σ is a subtype
of a type τ, this means that each term in σ is also a term in τ. The subtyping relation ≤ is
designed to have certain nice algebraic properties, stated in the propositions below.

We assume an order ≤ on type constructors such that: K/m ≤ K'/m' implies m ≥ m';
and, for each K ∈ 𝒦, the set {K' | K ≤ K'} has a maximum. Moreover, we assume that
with each pair K/m ≤ K'/m', an injection ι_{K,K'} : {1, ..., m'} → {1, ..., m} is associated
such that ι_{K,K''} = ι_{K,K'} ∘ ι_{K',K''} whenever K ≤ K' ≤ K''. This order is extended to the
subtyping order on types, denoted by ≤, as the least relation satisfying the rules in Table 1.

(Par)     u ≤ u                                              u is a parameter

          τ_{ι(1)} ≤ τ'_1   ...   τ_{ι(m')} ≤ τ'_{m'}
(Constr)  ——————————————————————————————————————————        K ≤ K', ι = ι_{K,K'}
          K(τ_1, ..., τ_m) ≤ K'(τ'_1, ..., τ'_{m'})

Table 1: The subtyping order on types

Proposition 1 If σ ≤ τ then size(σ) ≥ size(τ).

Proof: By structural induction on τ. □

Proposition 2 If σ ≤ τ then σθ ≤ τθ for any type substitution θ.

Proof: By structural induction on τ. □

Proposition 3 For each type τ, the set {σ | τ ≤ σ} has a maximum, which is denoted by
Max(τ).



INRIA

Using modes to ensure subject reduction for typed logic programs 7



Proof: By structural induction on τ. □

Proposition 4 For all types τ and σ, Max(τ[u/σ]) = Max(τ)[u/Max(σ)].

Proof: By structural induction on τ. □



Note that for Prop. 3, it is crucial that we require that K/m ≤ K'/m' implies m ≥ m',
that is, as we move up in the subtype hierarchy, the arity of the type constructors does not
increase. For example, if we allowed for Emptylist/0 ≤ List/1, then by Prop. 2, we would
also have Emptylist ≤ List(τ) for all types τ, and so, Prop. 3 would not hold. Note that the
possibility of "forgetting" type parameters in subtype relations, as in List/1 ≤ Anylist/0,
may provide solutions to inequalities of the form List(u) ≤ u, e.g. u = Anylist. However,
we have:

Proposition 5 An inequality of the form u ≤ τ[u] has no solution. An inequality of the
form τ[u] ≤ u has no solution if u ∈ pars(Max(τ)).

Proof: For any type σ, we have size(σ) < size(τ[σ]), hence by Prop. 1, σ ≰ τ[σ], that is,
u ≤ τ[u] has no solution.

For the second proposition, we prove its contrapositive. Suppose τ[u] ≤ u has a solution,
say τ[u/σ] ≤ σ. By definition of a maximum and Prop. 3, we have Max(σ) = Max(τ[u/σ]).
Hence by Prop. 4, Max(σ) = Max(τ)[u/Max(σ)]. By the rules in Table 1, u ≠ Max(τ).
Therefore u ∉ pars(Max(τ)), since otherwise Max(σ) = Max(τ)[u/Max(σ)] would contain
Max(σ) as a strict subexpression, which is impossible. □



2.2 Typed programs 

We assume a denumerable set 𝒱 of variables. The set of variables in a syntactic object o
is denoted by vars(o). We assume a finite set ℱ (resp. 𝒫) of function (resp. predicate)
symbols, each with an arity and a declared type associated with it, such that: for each
f ∈ ℱ, the declared type has the form (τ_1, ..., τ_n, τ), where n is the arity of f,
(τ_1, ..., τ_n) ∈ 𝒯^n, τ is a flat type and satisfies the transparency condition [10]:
pars(τ_1, ..., τ_n) ⊆ pars(τ); for each p ∈ 𝒫, the declared type has the form (τ_1, ..., τ_n),
where n is the arity of p and (τ_1, ..., τ_n) ∈ 𝒯^n. The declared types are indicated by
writing f_{τ_1...τ_n→τ} and p_{τ_1...τ_n}, however it is assumed that the parameters in
τ_1, ..., τ_n, τ are fresh for each occurrence of f or p. We assume that there is a special
predicate symbol =_{u,u} where u ∈ 𝒰.

Throughout this paper, we assume that 𝒦, ℱ, and 𝒫 are fixed by means of declarations
in a typed program, where the syntactical details are insignificant for our results. In
examples we loosely follow Gödel syntax [9].

A variable typing (also called type context [6]) is a mapping from a finite subset of 𝒱 to
𝒯, written as {x_1 : τ_1, ..., x_n : τ_n}. The restriction of a variable typing U to the variables
in a syntactic object o is denoted as U|_o. The type system, which defines terms, atoms etc.
relative to a variable typing U, consists of the rules shown in Table 2.

(Var)       {x : τ, ...} ⊢ x : τ

            U ⊢ t_i : σ_i    σ_i ≤ τ_iΘ    (i ∈ {1, ..., n})
(Func)      ——————————————————————————————————————————————    Θ is a type substitution
            U ⊢ f_{τ_1...τ_n→τ}(t_1, ..., t_n) : τΘ

            U ⊢ t_i : σ_i    σ_i ≤ τ_iΘ    (i ∈ {1, ..., n})
(Atom)      ——————————————————————————————————————————————    Θ is a type substitution
            U ⊢ p_{τ_1...τ_n}(t_1, ..., t_n) Atom

            U ⊢ t_i : σ_i    σ_i ≤ τ_i    (i ∈ {1, ..., n})
(Headatom)  ———————————————————————————————————————————
            U ⊢ p_{τ_1...τ_n}(t_1, ..., t_n) Headatom

            U ⊢ A_1 Atom   ...   U ⊢ A_n Atom
(Query)     ————————————————————————————————
            U ⊢ A_1, ..., A_n Query

            U ⊢ Q Query    U ⊢ A Headatom
(Clause)    ————————————————————————————
            U ⊢ A ← Q Clause

Table 2: The type system.

If for an object, say a term t, we can deduce for some variable typing U and some type
τ that U ⊢ t : τ, intuitively this term is well-typed. Otherwise the term is ill-typed (and
likewise for atoms, etc.).



3 The Subtype and Instantiation Hierarchies 
3.1 Modifying Variable Typings 

Here we present the following result: if we can derive that some object is in the typed 
language using a variable typing U, then we can always modify U in three ways: extending 
its domain, instantiating the types, and making the types smaller. First we define: 

Definition 1 Let U, U' be variable typings. We say that U is smaller or equal U', denoted
U ≤ U', if U = {x_1 : τ_1, ..., x_n : τ_n}, U' = {x_1 : τ'_1, ..., x_n : τ'_n}, and for all
i ∈ {1, ..., n}, we have τ_i ≤ τ'_i.

The symbols <, >, ≥ are defined in the obvious way.

We use the notation U' ⊇≤ U, which means that there exists a variable typing U'' such
that U' ⊇ U'' and U'' ≤ U.

Lemma 6 Let U, U' be variable typings and Θ a type substitution such that U' ⊇≤ UΘ. If
U ⊢ t : σ, then U' ⊢ t : σ' where σ' ≤ σΘ. Moreover, if U ⊢ A Atom then U' ⊢ A Atom,
and if U ⊢ Q Query then U' ⊢ Q Query.
Proof: The proof of the first part is by structural induction. For the base case, suppose
t ∈ 𝒱. Then by Rule (Var), t : σ ∈ U and hence for some σ' ≤ σΘ, we have t : σ' ∈ U'.
Thus again by (Var), U' ⊢ t : σ'.

Now consider the case t = f_{τ_1...τ_n→τ}(t_1, ..., t_n) where the inductive hypothesis holds
for t_1, ..., t_n. By Rule (Func), there exists a type substitution Θ' such that τΘ' = σ, and
U ⊢ t_i : σ_i where σ_i ≤ τ_iΘ' for each i ∈ {1, ..., n}. Thus by Prop. 2, σ_iΘ ≤ τ_iΘ'Θ. By the
inductive hypothesis, for all i ∈ {1, ..., n} we have U' ⊢ t_i : σ'_i where σ'_i ≤ σ_iΘ, therefore
by transitivity of ≤ we have σ'_i ≤ τ_iΘ'Θ and hence by Rule (Func), U' ⊢ t : τΘ'Θ (i.e.
U' ⊢ t : σΘ).

Now suppose A = p_{τ_1...τ_n}(t_1, ..., t_n). By Rule (Atom), there exists a type substitution Θ'
such that U ⊢ t_i : σ_i where σ_i ≤ τ_iΘ' for each i ∈ {1, ..., n}. Thus by Prop. 2, σ_iΘ ≤ τ_iΘ'Θ.
By the first part of the statement, for all i ∈ {1, ..., n} we have U' ⊢ t_i : σ'_i where σ'_i ≤ σ_iΘ,
therefore by transitivity of ≤ we have σ'_i ≤ τ_iΘ'Θ and hence by Rule (Atom), U' ⊢ A Atom.

The final case for a query follows directly from Rule (Query). □



3.2 Typed Substitutions 

Typed substitutions are a fundamental concept for typed logic programs. Ignoring subtyping 
for the moment, a typed substitution replaces each variable with a term of the same type 
as the variable. 

Definition 2 If U ⊢ x_1 = t_1, ..., x_n = t_n Query where x_1, ..., x_n are distinct variables and
for each i ∈ {1, ..., n}, t_i is a term distinct from x_i, then ({x_1/t_1, ..., x_n/t_n}, U) is a typed
(term) substitution. The application of a substitution is defined in the usual way.

To show that applying a typed substitution preserves "well-typedness" for systems with
subtyping, we need a further condition. Given a typed substitution (θ, U), the type assigned
to a variable x by U must be sufficiently big, so that it is compatible with the type of the
term substituted for x by θ.

Example 5 Consider again Ex. 3. As expected, assume that 3, 6 have declared type Int,
and 2.449 has declared type Real, and Int ≤ Real. Given the variable typing U = {x :
Int, y : Int}, we have U ⊢ x : Int, U ⊢ 2.449 : Real, and hence U ⊢ x = 2.449 Atom.
So ({x/2.449}, U) is a typed substitution. Now we have U ⊢ Fact(x, y) Atom, but
U ⊬ Fact(2.449, y) Atom.

In the previous example, the type of x is too small to accommodate the instantiation to
2.449. This motivates the following definition.

Definition 3 A typed (term) substitution ({x_1/t_1, ..., x_n/t_n}, U) is an ordered substitution
if, for each i ∈ {1, ..., n}, where x_i : τ_i ∈ U, there exists σ_i such that U ⊢ t_i : σ_i and
σ_i ≤ τ_i.
The following result states that expressions stay "well-typed" when ordered substitutions
are applied [10, Lemma 1.4.2]. Moreover, the type of terms may become smaller.

Lemma 7 Let (θ, U) be an ordered substitution. If U ⊢ t : σ then U ⊢ tθ : σ' for some
σ' ≤ σ. Moreover, if U ⊢ A Atom then U ⊢ Aθ Atom, and likewise for queries and clauses.

Proof: The proof of the first part is by structural induction. For the base case, suppose
t ∈ 𝒱. Then by Rule (Var), t : σ ∈ U. If tθ = t, there is nothing to show. If t/s ∈ θ, then
by definition of an ordered substitution, U ⊢ s : σ' and hence U ⊢ tθ : σ' where σ' ≤ σ.

Now consider the case t = f_{τ_1...τ_n→τ}(t_1, ..., t_n) where the inductive hypothesis holds
for t_1, ..., t_n. By Rule (Func), there exists a type substitution Θ such that τΘ = σ, and
U ⊢ t_i : σ_i where σ_i ≤ τ_iΘ for each i ∈ {1, ..., n}. By the inductive hypothesis, for all
i ∈ {1, ..., n} we have U ⊢ t_iθ : σ'_i where σ'_i ≤ σ_i, and hence by transitivity of ≤ and Rule
(Func), U ⊢ tθ : σ (i.e. σ' = σ).

Now consider an atom A = p_{τ_1...τ_n}(t_1, ..., t_n). By Rule (Atom), there exists a type
substitution Θ such that U ⊢ t_i : σ_i where σ_i ≤ τ_iΘ for each i ∈ {1, ..., n}. By the first
part of the statement, for all i ∈ {1, ..., n} we have U ⊢ t_iθ : σ'_i where σ'_i ≤ σ_i, and hence
by Rule (Atom), U ⊢ Aθ Atom. □



4 Conditions for Ensuring Ordered Substitutions 

In this section, we show under which conditions it can be guaranteed that the substitutions 
applied in resolution steps are ordered substitutions. 

4.1 Type Inequality Systems 

The substitution of a resolution step is obtained by unifying two terms, say t_1 and t_2. In
order for the substitution to be typed, it is necessary that we can derive U ⊢ t_1 = t_2 Atom
for some variable typing U. We will show that if U is, in a certain sense, maximal, then it
is guaranteed that the typed substitution is ordered.

We need to formalise a straightforward concept, namely paths leading to subterms of a
term.

Definition 4 A term t has the subterm t in position ε. If t = f(t_1, ..., t_n) and t_i has
subterm s in position ζ, then t has subterm s in position i.ζ.

Example 6 The term F(G(C), H(C)) has subterm C in position 1.1, but also in position 2.1.
The position 2.1.1 is undefined for this term.

Let us use the notation _ ⊢ t :≤ σ as a shorthand for: there exists a variable typing U
and a type σ' such that U ⊢ t : σ' and σ' ≤ σ. To derive U ⊢ t_1 = t_2 Atom, it is clear that
the last step has the form

    U ⊢ t_1 : τ_1    U ⊢ t_2 : τ_2    τ_1 ≤ uΘ    τ_2 ≤ uΘ
    ———————————————————————————————————————————————————————
    U ⊢ t_1 =_{u,u} t_2 Atom

That is to say, we use an instance (u, u)Θ of the declared type of the equality predicate,
and the types of t_1 and t_2 are both less than or equal to uΘ. This motivates the following
question: Given a term t such that _ ⊢ t :≤ σ, what are the maximal types of subterm
positions (in particular positions filled with variables) of t with respect to σ?

Figure 1: The term [x, [y]] and associated inequalities

Example 7 Let List/1 and Anylist/0 be type constructors, where List(τ) ≤ Anylist for
all τ, and List is the usual list type, containing functions Nil_{→List(u)} and
Cons_{u,List(u)→List(u)}. Consider the term [x, [y]] (in usual list notation) depicted in
Figure 1, and let σ = Anylist. Each functor in this term is introduced by an application of
Rule (Func). Consider for example the term Nil in position 2.1.2. Any type of it is
necessarily an instance of List(u^{2.1.2}), its declared type.² In order to derive that
Cons(y, Nil) is a typed term, this instance must be smaller (by the subtype order) than some
instance of the second declared argument type of Cons in position 2.1, that is, List(u^{2.1}).

For the term in position 2.1.1, the variable y, a slightly different consideration applies.
Its type is given by a variable typing. It is convenient to introduce a parameter u_y for this
variable and consider the type assigned to y by the variable typing as an instance of u_y.

Analogous arguments can be applied to the other subterms, and so in order to derive that
[x, [y]] is a term of a type smaller than Anylist, we are looking for an instantiation of the
parameters such that for each box corresponding to a position, the type in the lower subbox
is smaller than the type of the upper subbox. That is, we are looking for type substitutions
such that

    u_y Θ_y ≤ u^{2.1} Θ^{2.1}
    List(u^{2.1.2}) Θ^{2.1.2} ≤ List(u^{2.1}) Θ^{2.1}
    List(u^{2.1}) Θ^{2.1} ≤ u^2 Θ^2
    List(u^{2.2}) Θ^{2.2} ≤ List(u^2) Θ^2
    u_x Θ_x ≤ u^ε Θ^ε
    List(u^2) Θ^2 ≤ List(u^ε) Θ^ε
    List(u^ε) Θ^ε ≤ Anylist

For each position ζ, the type substitution Θ^ζ corresponds to the application of Rule (Func)
that introduces the functor in this position. For each variable x, the type substitution Θ_x
defines a variable typing for x. Note however that since the parameters in each application
are renamed, we can simply consider a single type substitution Θ which is the union of all
Θ^ζ and Θ_x.

² We use the positions as superscripts to parameters in order to obtain fresh copies of those for every
application of a rule.

We see that in order for _ h t :< a to hold, a solution to a certain type inequality system 
(set of inequalities between types) must exist. 

Definition 5 Let t be a term and σ a type such that _ ⊢ t :≤ σ. For each position ζ
where t has a non-variable subterm, we denote the function in this position by
f^ζ_{τ^ζ_1 ... τ^ζ_{n_ζ} → τ^ζ} (assuming that the parameters in τ^ζ_1, ..., τ^ζ_{n_ζ}, τ^ζ are fresh,
say by indexing them with ζ). For each variable x occurring in t, we introduce a parameter
u_x (so u_x ∉ pars(σ)). The type inequality system of t and σ is

    I(t, σ) = {τ^ε ≤ σ} ∪ {τ^{ζ.i} ≤ τ^ζ_i | Position ζ.i in t is non-variable} ∪
              {u_x ≤ τ^ζ_i | Position ζ.i in t is variable x}.

A solution of I(t, σ) is a type substitution Θ such that dom(Θ) ∩ pars(σ) = ∅ and for each
τ ≤ τ' ∈ I(t, σ), the inequality τΘ ≤ τ'Θ holds.

A solution Θ to I(t, σ) is principal if for every solution Θ' for I(t, σ), there exists a θ'
such that for each τ ≤ τ' ∈ I(t, σ), we have τΘ' ≤ τΘθ' and τ'Θ' ≤ τ'Θθ'.

So for each subterm f(..., g(...), ...) of t, the type inequality system says that the range
type of g must be less than or equal to the ith argument type of f, where g(...) is in the
ith position.

If Θ is a solution for I(t, σ), by Prop. 2, for every type substitution Θ', we have that
ΘΘ' is also a solution for I(t, σ). The following proposition follows from the rules in Table
2 and Def. 5.
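The construction of I(t, σ) in Def. 5, as an added Python example that is not part of the paper: it derives the inequality systems of Ex. 7 and Ex. 8 from the declared types of Nil and Cons, writing the position-indexed parameter of position ζ as the string "u^ζ" (with "e" for ε) and the parameter of a variable x as "u_x"; the term/type encoding and the function names are assumptions of this example.

```python
# Added example, not from the paper: constructing the type inequality system I(t, σ)
# of Def. 5 for the terms of Ex. 7 and Ex. 8. Terms are (functor, args) pairs with
# variables as strings; types are parameter names (strings) or (constructor, args)
# pairs. Positions are dotted strings, the root being "e" (for ε); the fresh
# parameter of position ζ is written "u^ζ", a variable x gets "u_x". Function names
# and this encoding are our own choices.

# Declared types of Ex. 7: Nil : -> List(u), Cons : u, List(u) -> List(u).
DECLARED = {
    "Nil": ((), ("List", ("u",))),
    "Cons": (("u", ("List", ("u",))), ("List", ("u",))),
}


def rename(typ, pos):
    """Index every parameter of a declared type with the position (a fresh copy)."""
    if isinstance(typ, str):
        return f"{typ}^{pos}"
    k, args = typ
    return (k, tuple(rename(a, pos) for a in args))


def is_var(term):
    return isinstance(term, str)


def inequality_system(t, sigma):
    """I(t, σ) of Def. 5 as a set of (left, right) pairs meaning left <= right."""
    system = set()

    def visit(term, pos):
        f, args = term
        arg_types, _ = DECLARED[f]
        arg_types = tuple(rename(a, pos) for a in arg_types)    # τ^ζ_1 ... τ^ζ_n
        for i, (sub, expected) in enumerate(zip(args, arg_types), start=1):
            child = f"{pos}.{i}" if pos != "e" else str(i)        # position ζ.i
            if is_var(sub):                                        # u_x <= τ^ζ_i
                system.add((f"u_{sub}", expected))
            else:                                                  # τ^{ζ.i} <= τ^ζ_i
                system.add((rename(DECLARED[sub[0]][1], child), expected))
                visit(sub, child)

    system.add((rename(DECLARED[t[0]][1], "e"), sigma))           # τ^ε <= σ
    visit(t, "e")
    return system


def lst(*items):
    """Build [a, b, ...] as nested Cons/Nil, the usual list notation of the paper."""
    out = ("Nil", ())
    for item in reversed(items):
        out = ("Cons", (item, out))
    return out


ANYLIST = ("Anylist", ())
T = lst("x", lst("y"))   # [x, [y]] of Ex. 7 (constructed input)
S = lst("x", "z")        # [x, z]  of Ex. 8 (constructed input)

if __name__ == "__main__":
    for left, right in sorted(inequality_system(T, ANYLIST), key=str):
        print(f"{left} <= {right}")
```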
Proposition 8 Let t be a term and σ a type. If U ⊢ t :≤ σ for some variable typing U,
then there exists a solution Θ for I(t, σ) (called the solution for I(t, σ) corresponding
to U) such that for each subterm t' in position ζ in t, we have

• U ⊢ t' : τ^ζΘ, if t' is non-variable,

• U ⊢ t' : u_xΘ, if t' = x and x ∈ 𝒱.

The following lemma says that if t is an instance of s, then a solution to the type 
inequality system for t is also a solution for the type inequality system for s. 

Lemma 9 Consider two terms s and t such that s is linear and sθ = t for some idempotent
θ, and suppose that _ ⊢ s :≤ σ and _ ⊢ t :≤ σ. If Θ_t is a solution of I(t, σ), where
dom(Θ_t) ∩ pars(I(s, σ)) ⊆ pars(I(t, σ)), then

    Θ_s = Θ_t ∪ {u_x/τ^ζΘ_t | s has x in position ζ and x ∈ dom(θ)}

is a solution of I(s, σ).

Proof: We first show that Θ_s is a well-defined type substitution. Since s is linear, ζ and
hence τ^ζΘ_t is uniquely defined. Moreover, since θ is idempotent, x cannot occur in t.
Therefore u_x ∉ pars(I(t, σ)), and hence by the condition on Θ_t in the statement,
u_x ∉ dom(Θ_t).

For the inequality τ^ε ≤ σ and for each τ^{ζ.i} ≤ τ^ζ_i ∈ I(s, σ) such that s has a non-variable
term in ζ.i, we have that the same inequality is also in I(t, σ), and so Θ_t, and consequently
Θ_s, is a solution for it.

For each u_x ≤ τ^ζ_i ∈ I(s, σ) such that x ∈ dom(θ), we have a corresponding inequality
τ^{ζ.i} ≤ τ^ζ_i in I(t, σ). Since τ^{ζ.i}Θ_t ≤ τ^ζ_iΘ_t is true and τ^{ζ.i}Θ_t = u_xΘ_s, it follows that
u_xΘ_s ≤ τ^ζ_iΘ_s is true. □

Example 8 Let s = [x, z] and t = [x, [y]] and σ = Anylist. A solution for I(t, σ) is

    Θ_t = {u_y/u^{2.1}, u^{2.1.2}/u^{2.1}, u^ε/Anylist, u^{2.2}/Anylist, u_x/Anylist, u^2/Anylist}

(in Ex. 9 it will be shown how this solution is obtained). Now

    I(s, σ) = {u_z ≤ u^2, List(u^{2.2}) ≤ List(u^2), u_x ≤ u^ε, List(u^2) ≤ List(u^ε),
               List(u^ε) ≤ Anylist}.

By Lemma 9, Θ_s = Θ_t ∪ {u_z/List(u^{2.1})} is a solution for I(s, σ).

In the next subsection, we present an algorithm, based on [6], which computes a principal 
solution to a type inequality system, provided t is linear. In Subsec. 4.3, our interest in 
principal solutions will become clear. 
4.2 Computing a Principal Solution

The algorithm transforms the inequality system, thereby computing bindings to parameters
which constitute the solution. It is convenient to consider systems of both inequalities and
equations of the form u = τ. The inequalities represent the current type inequality system,
and the equations represent the substitution accumulated so far. We use ⋈ for ≤ or =.

Definition 6 A system is left-linear if each parameter occurs at most once on the left
hand side of an equation/inequality. A system is acyclic if it does not have a subset
{ρ_1 ⋈ σ_1, ..., ρ_n ⋈ σ_n} with pars(σ_i) ∩ pars(ρ_{i+1}) ≠ ∅ for all 1 ≤ i ≤ n−1, and
pars(σ_n) ∩ pars(ρ_1) ≠ ∅.

Proposition 10 If t is a linear term, then any inequality system I(t, σ) is acyclic and
left-linear.

Proof: Consider a non-variable position ζ in t. There is exactly one inequality in I(t, σ)
with τ^ζ as left-hand side. Moreover, τ^ζ is a flat type (declared range type of a function),
thus linear, and (because of indexing the parameters in τ^ζ by ζ) has no parameters in
common with any other left-hand side of I(t, σ).

Now consider a position ζ where t has the variable x. Because of the linearity of t, there
is exactly one inequality in I(t, σ) with u_x as left-hand side.

Let {ρ_1 ≤ σ_1, ..., ρ_n ≤ σ_n} be a subset of I(t, σ) with pars(σ_i) ∩ pars(ρ_{i+1}) ≠ ∅ for all
1 ≤ i ≤ n−1. By the definition of I(t, σ), if ρ_1 = u_x for some variable x or if σ_n = σ, then
pars(σ_n) ∩ pars(ρ_1) = ∅. If however ρ_1 ≤ σ_1 is τ^{ξ.j} ≤ τ^ξ_j and ρ_n ≤ σ_n is τ^{ζ.l} ≤ τ^ζ_l for
some positions ξ.j and ζ.l, then ζ is a prefix of ξ, and so, since we use the positions to index
the parameters, pars(σ_n) ∩ pars(ρ_1) = ∅. □

Example 7 makes it also intuitively clear that assuming linearity of t is crucial for the 
above proposition. 

We now give the algorithm for computing principal solutions as a set of rules for
simplifying a set of inequalities and equations. A solved form is a system I containing only
equations of the form I = {u_1 = τ_1, ..., u_n = τ_n} where the parameters u_i are all different
and have no other occurrence in I. Note that the substitution {u_1/τ_1, ..., u_n/τ_n} associated
to a solved form is trivially a principal solution.

Definition 7 Given a type inequality system I(t, σ), where t is linear, the type inequality
algorithm applies the following simplification rules:

(1) {K(τ_1, ..., τ_m) ≤ K'(τ'_1, ..., τ'_{m'})} ∪ I → {τ_{ι(i)} ≤ τ'_i | i = 1, ..., m'} ∪ I
    if K ≤ K' and ι = ι_{K,K'}

(2) {u ≤ u} ∪ I → I

(3) {u ≤ τ} ∪ I → {u = τ} ∪ I[u/τ]
    if τ ≠ u, u ∉ pars(τ).

(4) {τ ≤ u} ∪ I → {u = Max(τ)} ∪ I[u/Max(τ)]
    if τ ∉ 𝒰, u ∉ pars(Max(τ)) and u ∉ pars(l) for any l ⋈ r ∈ I.
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Intuitively, left-linearity of T(t, a) is crucial because it renders the binding of a parameter 
(point (3)) unique. 

Example 9 Consider $I([x,[y]], Anylist)$ as in Ex. 7. The initial $I$ is given by the inequality system in the example (where the type substitutions are removed). Applying (1) three times, we have

$I = \{u_y \le u_{21},\; u_{212} \le u_{21},\; List(u_{21}) \le u_2,\; u_{22} \le u_2,\; u_x \le u_\varepsilon,\; u_2 \le u_\varepsilon\}.$

Applying (3) five times, we have

$I = \{u_y = u_{21},\; u_{212} = u_{21},\; List(u_{21}) \le u_\varepsilon,\; u_{22} = u_\varepsilon,\; u_x = u_\varepsilon,\; u_2 = u_\varepsilon\}.$

Applying (4) once, we have

$I = \{u_y = u_{21},\; u_{212} = u_{21},\; u_\varepsilon = Anylist,\; u_{22} = Anylist,\; u_x = Anylist,\; u_2 = Anylist\}.$
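As an added example (not the paper's own code), the simplification rules of Def. 7 in Python, run on the system of Example 9. It assumes a small constructor order ($Int \le Real$, $List \le Anylist$ with the parameter forgotten) and reads $Max(\tau)$ as lifting each constructor to its maximal supertype through $\iota$; the encoding of parameters and positions is an assumption as well.

```python
# Parameters are strings ("u_x"); constructed types are (K, [args]) tuples.  ORDER
# records K <= K' with iota_{K,K'}: for each (0-based) argument position of K', the
# position of K it is taken from.  Constructed sample order, not the paper's own table.
ORDER = {("Int", "Real"): {}, ("List", "Anylist"): {}}

def is_param(t):
    return isinstance(t, str)
def vars_of(t):
    return {t} if is_param(t) else set().union(*(vars_of(a) for a in t[1]))
def subst(t, u, r):
    """t[u/r]: replace the parameter u by the type r."""
    if is_param(t):
        return r if t == u else t
    return (t[0], [subst(a, u, r) for a in t[1]])
def max_type(t):
    """Max(tau): assumed here to lift every constructor to its maximal supertype via iota."""
    if is_param(t):
        return t
    k, args = t
    iota = list(range(len(args)))    # argument positions of k, as positions of the original K
    while any(a == k for a, _ in ORDER):
        k, io = next((b, io) for (a, b), io in ORDER.items() if a == k)
        iota = [iota[io[i]] for i in range(len(io))]
    return (k, [max_type(args[j]) for j in iota])
def apply_subst(system, u, r):
    return [(kind, subst(l, u, r), subst(rhs, u, r)) for kind, l, rhs in system]

def simplify(system):
    """Apply rules (1)-(4) until none applies; entries are ("leq", l, r) or ("eq", u, r)."""
    I = list(system)
    while True:
        for idx, (kind, l, r) in enumerate(I):
            if kind != "leq":
                continue
            rest = I[:idx] + I[idx + 1:]
            if not is_param(l) and not is_param(r):                      # rule (1)
                io = {i: i for i in range(len(l[1]))} if l[0] == r[0] else ORDER.get((l[0], r[0]))
                if io is None:
                    continue                                              # K, K' incomparable
                I = [("leq", l[1][io[i]], r[1][i]) for i in range(len(r[1]))] + rest
                break
            if is_param(l) and l == r:                                    # rule (2)
                I = rest
                break
            if is_param(l) and l not in vars_of(r):                       # rule (3): u <= tau
                I = [("eq", l, r)] + apply_subst(rest, l, r)
                break
            if (is_param(r) and not is_param(l) and r not in vars_of(max_type(l))
                    and all(r not in vars_of(l2) for k2, l2, _ in rest if k2 == "leq")):
                m = max_type(l)                                           # rule (4): tau <= u
                I = [("eq", r, m)] + apply_subst(rest, r, m)
                break
        else:
            return I                                                      # no rule applies

def principal_solution(system):
    """Substitution of the solved form, or None if an inequality remains (no solution)."""
    final = simplify(system)
    return None if any(k == "leq" for k, _, _ in final) else {u: r for _, u, r in final}

# Constructed from Example 9: the system I after the three applications of rule (1).
EXAMPLE_9 = [("leq", "u_y", "u_21"), ("leq", "u_212", "u_21"), ("leq", ("List", ["u_21"]), "u_2"),
             ("leq", "u_22", "u_2"), ("leq", "u_x", "u_e"), ("leq", "u_2", "u_e")]
```

A system whose normal form keeps an inequality (an incomparable constructor pair, or a parameter occurring in its own bound) yields None, matching the second case of Prop. 11.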

Proposition 11 Given a type inequality system $I(t,\sigma)$, where $t$ is linear, the type inequality algorithm terminates with either a solved form, in which case the associated substitution is a principal solution, or a non-solved form, in which case the system has no solution.

Proof: Termination is proved by remarking that the sum of the sizes of the terms in left-hand sides of inequalities strictly decreases after each application of a rule.

By Prop. 10 the initial system is left-linear and acyclic, and one can easily check that each rule preserves the left-linearity as well as the acyclicity of the system.

Furthermore, each rule preserves the satisfiability of the system and its principal solution if one exists. Indeed, rules (1) and (2) preserve all solutions by definition of the subtyping order. Rule (3) replaces a parameter $u$ by its upper bound $\tau$. As the system is left-linear, this computes the principal solution for $u$, and thus preserves the principal solution of the system if one exists. Rule (4) replaces a parameter $u$ having no occurrence in the left-hand side of an inequality, hence having no upper bound, by the maximum type of its lower bound $\tau$; this computes the principal solution for $u$ and thus preserves the principal solution of the system if it exists.

Now consider a normal form $I'$ for $I$. If $I'$ contains a non-variable pair $\tau \le \tau'$ irreducible by (1), then $I'$, and hence $I$, have no solution. Similarly, $I'$ has no solution if it contains an inequality $u \le \tau$ with $u \in vars(\tau)$ or an inequality $\tau \le u$ with $u \in vars(Max(\tau))$ (Prop. 5). In the other cases, by irreducibility and acyclicity, $I'$ contains no inequality, hence $I'$ is in solved form and the substitution associated to $I'$ is a principal solution for $I$. □

The next lemma says that principality is stable under instantiation of types. 

Lemma 12 Let $I(t,\sigma)$ be a type inequality system, where $t$ is linear, and $\Theta'$ a type substitution such that $dom(\Theta') \subseteq pars(\sigma)$ and $ran(\Theta') \cap pars(I(t,\sigma)) = \emptyset$. If $\Theta$ is a principal solution of $I(t,\sigma)$, then $\Theta\Theta'$ is a principal solution of $I(t,\sigma\Theta')$.

Proof: Suppose $\Theta$ is computed by the algorithm of Def. 7, and that $I_1,\ldots,I_m$ is the sequence of systems of this computation, i.e. $\Theta$ is equal to $I_m$ viewed as a substitution. By Def. 5, $dom(\Theta) \cap pars(\sigma) = \emptyset$. In particular, this means that no system $I_j$ ($j \in \{1,\ldots,m\}$) contains an inequality $\tau \le u$ where $u \in pars(\sigma)$ and $\tau$ is not a parameter. It is easy to see that $I_1\Theta',\ldots,I_m\Theta'$ is a computation of the algorithm for $I(t,\sigma\Theta')$, and hence $\Theta\Theta'$ (i.e. $I_m\Theta'$ viewed as a substitution) is a principal solution of $I(t,\sigma\Theta')$. □



4.3 Principal Variable Typings 

The existence of a principal solution $\Theta$ of a type inequality system $I(t,\sigma)$ and Prop. 8 motivate defining the variable typing $U$ such that $\Theta$ is exactly the solution of $I(t,\sigma)$ corresponding to $U$.

Definition 8 Let $\vdash t :\le \sigma$, and $\Theta$ be a principal solution of $I(t,\sigma)$. A variable typing $U$ is principal for $t$ and $\sigma$ if $U \supseteq \{x : u_x\Theta \mid x \in vars(t)\}$.

By the definition of a principal solution of $I(t,\sigma)$ and Prop. 8, if $U$ is a principal variable typing for $t$ and $\sigma$, then for any $U'$ such that $U'(x) > U(x)$ for some $x \in vars(t)$, we have $U' \nvdash t :\le \sigma$ (since $U'$ corresponds to an instantiation of the $u_x$'s that is not a solution of $I(t,\sigma)$). The following is a corollary of Lemma 12.

Corollary 13 If $U$ is a principal variable typing for $t$ and $\sigma$, then $U\Theta$ is a principal variable typing for $t$ and $\sigma\Theta$.

The following key lemma states conditions under which a substitution obtained by uni- 
fying two terms is indeed ordered. 

Lemma 14 Let $s$ and $t$ be terms, $s$ linear, such that $U \vdash s :\le \rho$, $U \vdash t :\le \rho$, and there exists a substitution $\theta$ such that $s\theta = t$. Suppose $\theta$ is a minimal matcher, i.e. $dom(\theta) \subseteq vars(s)$. Suppose $U$ is principal for $s$ and $\rho$. Then there exists a type substitution $\Theta$ such that for $U' = U\Theta|_{vars(s)} \cup U|_{V \setminus vars(s)}$, we have that $(\theta, U')$ is an ordered substitution.

Proof: Since $\theta$ is a minimal matcher, we have

$\theta = \{x/t' \mid \exists \xi.\ x \text{ is the subterm of } s \text{ in } \xi,\ t' \text{ is the subterm of } t \text{ in } \xi\}.$

It remains to be shown that there exists a type substitution $\Theta$ such that $(\theta, U')$ as defined above is an ordered substitution. Let $\Theta_s$ be the solution of $I(s,\rho)$ corresponding to $U$, and $\Theta_t$ be the solution of $I(t,\rho)$ corresponding to $U$ (see Prop. 8). Note that since $U$ is principal for $s$ and $\rho$, $\Theta_s$ is a principal solution. By Lemma 9, $\Theta'_s = \Theta_t \cup \{u_x/\tau_\xi\Theta_t \mid s \text{ has variable } x \text{ in position } \xi\}$ is a solution of $I(s,\rho)$, and moreover, since $\Theta_s$ is a principal solution of $I(s,\rho)$, there exists a type substitution $\Theta$ such that for each $\tau$ occurring (on a left-hand side or right-hand side) in $I(s,\rho)$,

$\tau\Theta'_s \le \tau\Theta_s\Theta.$ (1)

In particular, let $x$ be a variable occurring in $s$ in position $\xi$, and let $t'$ be the subterm of $t$ in position $\xi$. By Prop. 8, $U' \vdash t' : \tau_\xi\Theta_t$. By Def. 8, $x : u_x\Theta_s \in U$, and so by Rule (Var), $U' \vdash x : u_x\Theta_s\Theta$. Since by definition of $\Theta'_s$, $\tau_\xi\Theta_t = u_x\Theta'_s$, we also have $U' \vdash t' : u_x\Theta'_s$, and so by (1), the condition in Def. 3 is fulfilled. Since the choice of $x$ was arbitrary, the result follows. □



Example 10 Consider the term vectors (since Lemma 14 generalises in the obvious way to term vectors) $s = (3, x)$ and $t = (3, 6)$, let $\rho = (Int, Int)$ and $U_s = \{x : Int\}$, $U_t = \emptyset$ (see Ex. 3). Note that $U_s$ is principal for $s$ and $\rho$, and so $(\{x/6\}, U_s \cup U_t)$ is an ordered substitution ($\Theta$ is empty).

In contrast, let $s = (6, x)$ and $t = (6, 2.449)$, let $\rho = (Real, Real)$ and $U_s = \{x : Int\}$, $U_t = \emptyset$. Then $U_s$ is not principal for $s$ and $\rho$ (the principal variable typing would be $\{x : Real\}$), and indeed, there exists no $\Theta$ such that $(\{x/2.449\}, U_s\Theta \cup U_t)$ is an ordered substitution.



5 Nicely Typed Programs 

In the previous section, we have seen that matching, linearity, and principal variable typings 
are crucial to ensure that unification yields ordered substitutions (see Lemma 14). In this 
section, we define three corresponding conditions on programs and the execution model. 

We will generalise concepts defined for terms in the previous section to term vectors. In particular, we consider principal variable typings for a term vector $\bar t$ and a type vector $\bar\sigma$ (Def. 8). Also, Lemma 14 generalises to term vectors in the obvious way (conceptually, one could think of introducing special functors into the typed language so that any vector can be represented as an ordinary term).

First, we define modes, which are a common concept used for verification [1]. For a predicate $p/n$, a mode is an atom $p(m_1,\ldots,m_n)$, where $m_i \in \{I, O\}$ for $i \in \{1,\ldots,n\}$. Positions with $I$ are called input positions, and positions with $O$ are called output positions of $p$. We assume that a fixed mode is associated with each predicate in a program. To simplify the notation, an atom written as $p(\bar s,\bar t)$ means: $\bar s$ is the vector of terms filling the input positions, and $\bar t$ is the vector of terms filling the output positions.

Definition 9 Consider a derivation step where $p(\bar s,\bar t)$ is the selected atom and $p(\bar w,\bar v)$ is the renamed apart clause head. The equation $p(\bar s,\bar t) = p(\bar w,\bar v)$ is solvable by moded unification if there exist substitutions $\theta_1, \theta_2$ such that $\bar w\theta_1 = \bar s$, $vars(\bar t\theta_1) \cap vars(\bar v\theta_1) = \emptyset$ and $\bar t\theta_1\theta_2 = \bar v\theta_1$.

A derivation where all unifications are solvable by moded unification is a moded derivation.

Moded unification is a special case of double matching. How moded derivations are ensured is not our problem here, and we refer to [2]. Note that the requirement of moded derivations is stronger than that of input-consuming derivations [17], where it is only required that the MGU does not bind $\bar s$.

Definition 10 A query $Q = p_1(\bar s_1,\bar t_1), \ldots, p_n(\bar s_n,\bar t_n)$ is nicely moded if $\bar t_1,\ldots,\bar t_n$ is a linear vector of terms and for all $i \in \{1,\ldots,n\}$

$vars(\bar s_i) \cap \bigcup_{j=i}^{n} vars(\bar t_j) = \emptyset.$ (2)

The clause $C = p(\bar t_0, \bar s_{n+1}) \leftarrow Q$ is nicely moded if $Q$ is nicely moded and

$vars(\bar t_0) \cap \bigcup_{j=1}^{n} vars(\bar t_j) = \emptyset.$ (3)

A program is nicely moded if all of its clauses are nicely moded.

An atom $p(\bar s,\bar t)$ is input-linear if $\bar s$ is linear, output-linear if $\bar t$ is linear.
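The conditions of Def. 10, together with input-linearity of a head, as an executable check added here (not from the paper); the term encoding, the modes and the sample clauses are constructed for this example.

```python
# Terms: variables are strings starting with an uppercase letter, other strings are
# constants, compound terms are (functor, [args]) tuples; an atom is (predicate, [args]).
# MODES gives each predicate's mode as a string over 'I'/'O' (constructed sample modes).
MODES = {"append": "IIO", "q": "IO", "r": "IO"}

def variables(term):
    """List of variable occurrences (with repetitions) in a term or a vector of terms."""
    if isinstance(term, list):
        return [v for t in term for v in variables(t)]
    if isinstance(term, tuple):
        return variables(term[1])
    return [term] if term[:1].isupper() else []

def is_linear(terms):
    """A vector is linear if no variable occurs twice in it."""
    occ = variables(terms)
    return len(occ) == len(set(occ))

def split(atom):
    """(s, t): the input and the output argument vectors of an atom, by its mode."""
    pred, args = atom
    pairs = list(zip(args, MODES[pred]))
    return [a for a, m in pairs if m == "I"], [a for a, m in pairs if m == "O"]

def nicely_moded_query(query):
    """Def. 10: t_1..t_n linear and vars(s_i) disjoint from vars(t_j) for all j >= i (2)."""
    parts = [split(a) for a in query]
    outs = [t for _, t in parts]
    if not is_linear(outs):
        return False
    for i, (s_i, _) in enumerate(parts):
        if set(variables(s_i)) & set(variables(outs[i:])):
            return False
    return True

def nicely_moded_clause(head, body):
    """Def. 10 (3): body nicely moded and head inputs t_0 disjoint from all body outputs."""
    t0, _ = split(head)
    body_outs = set(variables([split(a)[1] for a in body]))
    return nicely_moded_query(body) and not (set(variables(t0)) & body_outs)

def input_linear(head):
    return is_linear(split(head)[0])

# Constructed sample clauses: the recursive append clause, and a clause whose body
# produces the variable Y twice (output vector not linear).
APPEND_REC = (("append", [(".", ["X", "Xs"]), "Ys", (".", ["X", "Zs"])]),
              [("append", ["Xs", "Ys", "Zs"])])
BAD_CLAUSE = (("q", ["X", "Z"]), [("q", ["X", "Y"]), ("r", ["Y", "Y"])])
```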

Definition 11 Let

$C = p_{\bar\tau_0,\bar\sigma_{n+1}}(\bar t_0, \bar s_{n+1}) \leftarrow {p_1}_{\bar\sigma_1,\bar\tau_1}(\bar s_1,\bar t_1), \ldots, {p_n}_{\bar\sigma_n,\bar\tau_n}(\bar s_n,\bar t_n)$

be a clause. If $C$ is nicely moded, the head is input-linear (i.e. $\bar t_0$ is linear), and there exists a variable typing $U$ such that $U \vdash C\ \mathit{Clause}$, and for each $i \in \{0,\ldots,n\}$, $U$ is principal for $\bar t_i$ and $\bar\tau'_i$, where $\bar\tau'_i$ is the instance of $\bar\tau_i$ used for deriving $U \vdash C\ \mathit{Clause}$, then we say that $C$ is nicely typed.

A query $U_Q : Q$ is nicely typed if the clause $Go \leftarrow Q$ is nicely typed. A program is nicely typed if all of its clauses are nicely typed.

We can now state the main result. 

Theorem 15 (Subject reduction) Let C and Q be a nicely typed clause and query. If 
Q' is a resolvent of C and Q where the unification of the selected atom and the clause head 
is solvable by moded unification, then Q' is nicely typed. 

Proof: By [3, Lemma 11], $Q'$ is nicely moded. Let $U_C$ and $U_Q$ be the variable typings used to type $C$ and $Q$, respectively (in the sense of Def. 11).

Let $p_{\bar\sigma,\bar\tau}(\bar s,\bar t) \in Q$ be the selected atom and $C = p(\bar w,\bar v) \leftarrow B$. By Rule (Headatom), $U_C \vdash (\bar w,\bar v) :\le (\bar\sigma,\bar\tau)$. Moreover, $U_Q \vdash (\bar s,\bar t) :\le (\bar\sigma,\bar\tau)\Theta$ for some type substitution $\Theta$. Let $U = U_Q \cup U_C\Theta$. Note that since $vars(C) \cap vars(Q) = \emptyset$, $U$ is a variable typing. By Lemma 6, we have $U \vdash B\ \mathit{Query}$ and $U \vdash p(\bar w,\bar v)\ \mathit{Atom}$ (but not necessarily $U \vdash C\ \mathit{Clause}$, because of the special rule for head atoms) and in particular, $U \vdash (\bar w,\bar v) :\le (\bar\sigma,\bar\tau)\Theta$.

Since $C$ is nicely typed, it follows by Cor. 13 that $U$ is principal for $\bar w$ and $\bar\sigma\Theta$. Moreover, by assumption of moded unification, there exists a substitution $\theta_1$ such that $\bar w\theta_1 = \bar s$. We assume $\theta_1$ is minimal, i.e. $dom(\theta_1) \subseteq vars(\bar w)$. By Lemma 14, there exists a variable typing $U'$ such that $(\theta_1, U')$ is an ordered substitution, and moreover $U'|_{V \setminus vars(\bar w)} = U|_{V \setminus vars(\bar w)}$. Therefore by Lemma 7, $U' \vdash B\theta_1\ \mathit{Query}$ and $U' \vdash Q\theta_1\ \mathit{Query}$. In particular, $U' \vdash \bar v\theta_1 :\le \bar\tau\Theta$.

Now since $Q$ is nicely typed and $U'|_{vars(Q)} = U_Q|_{vars(Q)}$, $U'$ is principal for $\bar t$ and $\bar\tau\Theta$. Moreover, by assumption of moded unification, there exists a minimal substitution $\theta_2$ such that $\bar t\theta_2 = \bar v\theta_1$. By Lemma 14, there exists a variable typing $U''$ such that $(\theta_2, U'')$ is an ordered substitution, and moreover $U''|_{V \setminus vars(\bar t)} = U'|_{V \setminus vars(\bar t)}$. Therefore by Lemma 7, $U'' \vdash B\theta_1\theta_2\ \mathit{Query}$ and $U'' \vdash Q\theta_1\theta_2\ \mathit{Query}$. Hence by Rule (Query), $U'' \vdash Q'\ \mathit{Query}$. Finally, $U''|_{V \setminus (vars(\bar w) \cup vars(\bar t))} = U|_{V \setminus (vars(\bar w) \cup vars(\bar t))}$, and so by the linearity conditions and (2) in Def. 10, it follows that

• if $\bar t'$ is an output argument vector in $Q$, other than $\bar t$, and $\bar\tau'$ is the instance of the declared type of $\bar t'$ used for deriving $U_Q \vdash Q\ \mathit{Query}$, then $U''|_{vars(\bar t')} = U_Q|_{vars(\bar t')}$, $\theta_1\theta_2|_{vars(\bar t')} = \emptyset$, and hence $U''$ is a principal variable typing for $\bar t'\theta_1\theta_2$ and $\bar\tau'$,

• analogously, if $\bar t'$ is an output argument vector in $B$, and $\bar\tau'$ is the instance of the declared type of $\bar t'$ used for deriving $U_C \vdash C\ \mathit{Clause}$, then $U''|_{vars(\bar t')} = U_C\Theta|_{vars(\bar t')}$, $\theta_1\theta_2|_{vars(\bar t')} = \emptyset$, and hence, by Cor. 13, $U''$ is a principal variable typing for $\bar t'\theta_1\theta_2$ and $\bar\tau'\Theta$.

So we have shown that $Q'$ is nicely moded, $U''$ is a variable typing such that $U'' \vdash Q'\ \mathit{Query}$, and the principality requirement on $U''$ is fulfilled. Thus $Q'$ is a nicely-typed query. □

To conclude, we state subject reduction as a property of an entire derivation. 

Corollary 16 Any derivation for a nicely typed program P and a nicely typed query Q 
contains only nicely typed queries. 

Example 11 Consider again Ex. 3. The program is nicely typed, where the declared types 
are given in that example, and the first position of each predicate is input, and the second 
output. Both queries are nicely moded. The first query is also nicely typed, whereas the 
second is not (see also Ex. 10). For the first query, we have subject reduction, for the second 
we do not have subject reduction. 

6 Discussion 

In this paper, we have proposed criteria for ensuring subject reduction for typed logic pro- 
grams with subtyping under the untyped execution model. Our starting point was a com- 
parison between functional and logic programming: In functional programs, there is a clear 
notion of dataflow, whereas in logic programming, there is no such notion a priori, and ar- 
guments can serve as input arguments and output arguments. This difference is the source 
of the difficulty of ensuring subject reduction for logic programs. We thus coped with the 
problem by introducing modes into a program, so that there is a fixed direction of dataflow. 
To understand better the numerous conditions for ensuring subject reduction, it is useful to distinguish roughly between four kinds of conditions: (1) "basic" type conditions on the program (Sec. 2), (2) conditions on the execution model (Def. 9), (3) mode conditions on the program (Def. 10), (4) "additional" type conditions on the program (Def. 11). We will refer to this distinction below.

Concerning (1), our notion of subtyping deserves discussion. Approaches differ with respect to conditions on the arities of type constructors for which there is a subtype relation. Beierle [4] assumes that the (constructor) order is only defined for type constants, i.e. constructors of arity 0. Thus we could have $Int \le Real$, and so by extension $List(Int) \le List(Real)$, but not $List(Int) \le Tree(Real)$. Many authors assume that only constructors of the same arity are comparable. Thus we could have $List(Int) \le Tree(Real)$, but not $List(Int) \le Anylist$. We assume, as [6], that if $K \le K'$, then the arity of $K'$ must not be greater than the arity of $K$. Other authors have been vague about justifying their choice, suggesting that one could easily consider modifications. We think that this choice is crucial for the existence of principal types. In particular, if one allowed for comparing constructors of arbitrary arities, then the existence of a maximum above any type (Prop. 3) would not be guaranteed.

The PAN type system has been proposed in [12] and described in detail in [20]. It is argued there that comparisons between constructors of arbitrary arity should be allowed in principle, and that the subtype relation should be defined by a relation between argument positions of constructors, similar to our $\iota$ (see Table 1). However, we believe that this construction is flawed: It is claimed that under some simple conditions, the subtyping relation implies a subset relation between the sets of terms represented by the types, while in fact, their formalism would allow for $NonemptyList(Int) \le List(String)$ (where those types are declared as expected) even though the set of non-empty integer lists is not a subset of the set of string lists. They define extensional type bases, essentially meaning typed languages where also the converse holds, i.e., the subtyping relation exactly corresponds to the subset relation. Nothing is said about the decidability of this property, although the formalism heavily relies on this concept. Furthermore, the very example given in order to motivate the need for such a general subtyping relation is not extensional.

Technically, what is crucial for subject reduction is that substitutions are ordered: each variable is replaced with a term of a smaller type. In Section 4, we give conditions under which unification of two terms yields an ordered substitution: the unification is a matching, and the term that is being instantiated is linear and is typed using a principal variable typing. The linearity requirement ensures that a principal variable typing exists and can be computed (Subsec. 4.2). The conditions guarantee that the type of each variable $x$ that is being bound to $t$ can be instantiated so that it is greater than the type of $t$.

In Sec. 5, we show how those conditions on the level of a single unification translate to conditions on the program and the execution model (points 2-4 above). We introduce modes and assume that programs are executed using moded unification (2). This might be explicitly enforced by the compiler by modifying the unification procedure (which would have to yield a runtime error if the atoms are unifiable but violate the mode requirement). Alternatively, it can be verified statically that a program will be executed using moded unification. In particular, nicely moded programs are very amenable to such verification [2]. Moded unification can actually be very beneficial for efficiency, as witnessed by the language Mercury [19]. Apart from that, (3) nicely-modedness states the linearity of the terms being instantiated in a unification. Nicely-modedness is designed so that it is persistent under resolution steps, provided clause heads are input-linear. Finally, (4) nicely-typedness states that the instantiated terms must be typed using a principal variable typing.

Nicely-modedness has been widely used for verification purposes (e.g. [2]). In particular, 
the linearity condition on the output arguments is natural: it states that every piece of 
data has at most one producer. Input-linearity of clause heads however can sometimes be a 
demanding condition, since it rules out equality tests between input arguments [16, Section 
10.2]. 

Note that introducing modes into logic programming does not mean that logic programs 
become functional. The aspect of non-determinacy (possibility of computing several solu- 
tions for a query) remains. 

Even though our result on subject reduction means that it is possible to execute programs 
without maintaining the types at runtime, there are circumstances where keeping the types 
at runtime is desirable, for example for memory management or for some extra logical 
operations like printing, or in higher-order logic programming where the existence and shape 
of unifiers depends on the types [14]. 

There is a relationship between our notion of subtyping and transparency (see Subsec. 2.2). It has been observed in [10] that transparency is essential for substitutions obtained from unification to be typed. Transparency ensures that two terms of the same type have identical types in all corresponding subterms, e.g. if $[1]$ and $[x]$ are both of type $List(Int)$, we are sure that $x$ is of type $Int$. Now in a certain way, allowing for a subtyping relation that "forgets" parameters undermines transparency. For example, we can derive $\{x : String\} \vdash [x] = [1]\ \mathit{Atom}$, since $List(String) \le Anylist$ and $List(Int) \le Anylist$, even though $Int$ and $String$ are incomparable. We compensate for this by requiring principal variable typings. The principal variable typing for $[x]$ and $Anylist$ contains $\{x : u_x\}$, and so $u_x$ can be instantiated to $Int$. However, our intuition is that whenever this phenomenon ("forgetting" parameters) occurs, requiring principal variable typings is very demanding; but then, if variable typings are not principal, subject reduction is likely to be violated. As a topic for future work, we want to substantiate this intuition by studying examples. In particular, we want to see if the conditions (in particular, assuming principal variable typings) are too demanding, in the sense that there are interesting programs that satisfy subject reduction under more general assumptions.